320 likes | 478 Views
DATA & COMPUTER SECURITY (CSNB414). MODULE 5 AUTHENTICATION PROTOCOLS. Something to Ponder…. We ore often members to several institutions / organizations where we are identified by our respective IDs (e.g. IC & student matrix numbers, email IDs etc.)
E N D
DATA & COMPUTER SECURITY (CSNB414) MODULE 5 AUTHENTICATION PROTOCOLS
Something to Ponder….. • We ore often members to several institutions / organizations where we are identified by our respective IDs (e.g. IC & student matrix numbers, email IDs etc.) • Authentication methods are needed to ensure that a user is who he / she claimed to be. • This is to ensure that security is well implemented to protect the respective assets (data, resources etc). • Authentication can be carried out manually or automatically through computer systems. • Automatic authentication pose threats from spoofing, eavesdropping, modification and masquerading.
Types of Authentications • What the user ‘knows’ e.g. passwords, PINs, secret codes etc. • What the user ‘possesses’ e.g. MyCard, Passport, smartcards, keys etc. • ‘Characteristics’ of the user himself = biometrics e.g. behavioral traits like signature, voice etc. e.g. physical traits like thumbprint, face etc.
Threats to Password Authentication • Due to user errors ~ user-chosen passwords are easy to be cracked e.g. birthdays, names, common words, favorite celebrities, club etc. ~ system generated passwords are often written down on papers, stored on PC, hp etc. ~ same passwords for several systems • Due to system vulnerabilities ~ Trojan horse masquerade ~ inadequate / ineffective security measures to protect the password files e.g. plaintext system password list **Read text book page 216-217** • Untrustworthy employees
Tips for Password Selection • Choose mixed types of characters • Choose long passwords • Avoid names / words • Change passwords regularly • Avoid using same passwords for different applications • Do not disclose to others • Do not write it down
Brute Force Attack An exhaustive attack on a password authentication system by trying out all possible combination of passwords. E.g. a password of letters A – Z (26 letters) of max 8 letters length. No of tries = 261 + 262 + ……+ 268 ~ almost five millions Dictionary Attack An attack on a password authentication system by trying out all possible words, beginning with the one with the highest probability of being used Brute Force Vs. Dictionary Attacks
Plain text Encrypted / Hashed password file password file Plaintext Passwords Vs. Encrypted / Hashed Passwords User key in password User key in password e.g. password = my_password System stores my_password System hash password e.g. hashed password =1500020F0C It is difficult to crack hashed password unless hash code is known!! System store 1500020F0C
Example of available standards: MD4, MD5, SHA-0 Verification Process of Hashed Passwords User key in password System derive hashed reference password e.g. password = my_password System hash password e.g. hashed reference password =1500020F0C e.g. hashed input password =1500020F0C Input password == reference password? Yes No Access granted Access denied
Problem of Hashed Passwords What if ??? Tom’s password = my_password Jerry’s password = my_password Tom’s hashed password = Jerry’s hashed password =1500020F0C If a hacker knows Tom’s password & he discover Tom’s hashed password = Jerry’s hashed password Then he know Jerry’s password (&& THE HASH CODE TOO!!) **check MDcrack**
Solution : Add ‘salt’ to password to make it unique Salt = unique random code Salted Hashed Passwords User key in password e.g. password = my_password System add salt to password e.g. salted password = my_passwordUNT1079 System hash salted password Therefore, Tom & Jerry will never have the same hashed password even if they use the same password e.g. salted hashed password =1124520Z0D System store 1124520Z0D and salt
Biometrics • Several types of biometrics are accurate (e.g. no 2 persons have the same DNA, iris or thumbprint pattern) • Others not (e.g. twins may look alike) • Accurate biometrics are hard to be fooled, assist in audit trail • HOWEVER, issues of privacy intrusion • Biometrics data may also be encrypted • Biometrics identification Vs. Biometrics verification - Identification : 1 to many searches (only for very accurate biometrics, closest match) - Verification : 1 to 1 comparison (often require ID, either positive or negative verification result)
False Rejection Rate (FRR) The likelihood that a legitimate user is rejected by the system. False Acceptance Rate (FAR) The likelihood that an impostor is accepted by the system as a genuine user. Equal Error Rate (EER) The point at which FRR == FAR. Biometrics Accuracy
Biometrics Accuracy (cont.) • FRR & FAR varies with the sensitivity threshold. • FRR and FAR are related, where if one figure is improved, then the other deteriorates. • How to set the sensitivity threshold? - Depends on system requirements e.g. A high security application does not tolerate any intruders, hence requiring low FAR. While a credit card verification system may require low FRR, in order to avoid its users being annoyed with a high frequency of rejection at counters. A national civilian applications would demand low FRR and low FAR to instil public trust and confidence. • Biometrics products often specified by its EER. • An ideal biometrics systems should produce 0%EER, however, this is often not realised.
Authentication Protocol • Two types of authentication protocols: • User authentication • Data authentication (we just focus on user authentication) • User authentication protocol is a protocol to authenticate a user. • Usually user authentication is realized by the use of password.
UAP1: Password-based protocol Alice Server H(P) [PT]: “I want to log on. I am Alice101” [PT]: “Give me your credential” H(PasswordA) Compare H(P) Yes No Access is granted Access is denied Status of access The problem arised when an Eve can read and store the H(P) that goes along the network. She can use the stored H(P) for later sessions, acting like a legitimate Alice. This is called a REPLAY ATTACK. Figure A
Explanation on password-based authentication This is the scenario: • Alice wants to gain access to a particular server and for this purpose she registers her userID and password at the server. • The server will compute the hash of Alice’ password and store both Alice’ userID and hashed password in its repository. • Now Alice wants to log on to a server, and she sends a message something like this: • ‘I want to logon and my userID is Alice101’ • Alice also compute the hash of her password and sends this together with her userID to the server. • The server would compare the userID and password hash sent by Alice and userID and password hash in its repository. • If they are matched, then the server will grant an access to Alice. • Otherwise, the access is denied
Password-based authentication • This scenario/protocol seems to work well. Alice can authenticate herself to the server using the hash of her password. • INote: remember that hash function produces unique message digests (or hash values) to different messages. Therefore message_A will have message_digest_A, and message_B will have message_digest_B, where message_A≠ message_B and message_digest_A ≠ message_digest_B. • If message_digest_A = message_digest_B, therefore we say that this is a collision. • However, this is not a good protocol because an Eve can do a replay attack.
Replay attack Definition: is a form of network attack in which a valid data transmission is maliciously or fraudulently repeated or delayed. This is carried out either by the originator or by an adversary who intercepts the data and retransmits it. Figure A shows that an Eve (or intruder) has no difficulty to steal the network packet that contains the Alice’ hashed password. She can uses the network packet to gain access to a server at later time without Alice knowing it, masquerading as if she is a real Alice. In this case, the server would not know that this is not Alice since the comparison of hashed passwords gives a match.
Reminder… As you can see here, it is very easy for an attacker to guess or discover your password, IF your password is an English word. As explained in a lecture, they have a so called ‘rainbow table’ which lists all the English words together with its hash value. Finding the password based on the dictionary table is called a dictionary attack. Therefore it is VERY essential to ensure that you create a strong password that conforms to the password criteria listed in the previous slide.
UAP2: Stronger protocol: Challenge-Response Protocol Alice Server H(P) [PT]: “I want to log on. I am Alice101” H(P) E(H(P)) Challenge :a Nonce Response: append hashed password with a nonce H(P)||Nonce H(P)||Nonce Comp-are Yes No Access is granted Access is denied Figure B
Challenge-Response Protocol (cont..) • This is the scenario: • Alice wants to gain access to a particular server and for this purpose she registers her userID and password at the server. • The server will generate a list of Nonce. It also computes the hash of Alice’ password, append the hashed password with a Nonce and store both Alice’ userID, and her appended hashed password and Nonce in its repository.
Challenge-Response Protocol (cont..) • Now Alice wants to log on to a server, and she sends a message something like this: • ‘I want to logon and my userID is Alice101’ • The server then gives Alice the first Nonce. • Alice will append this Nonce together with her hashed password. • Alice then send the appended hashed password to the server. • The server would compare the userID and appended hashed password sent by Alice and userID and appended hashed password in its repository. • If they are matched, then the server will grant an access to Alice. • Otherwise, the access is denied
Challenge-Response Protocol (cont..) In this protocol, there is no point of an Eve to store the network packet that contains Alice encrypted hashed password. She cannot re-use this packet for future access because the Nonce used for each session will be different. Therefore the network packet will also be different for each session.
Nonce Definition: is a random number and can only be used once. The size would depend on the system administrator.
Challenge-Response Protocol (cont..) • For Challenge-Response protocol, you may encounter (in your readings from the book or internet) a few ways of sending the challenge and response. • Some say: • Encrypt the hashed password with the nonce, or • Hash the nonce with the password together. • Using timestamping • All of those are accepted provided that the main goal in this protocol is to avoid the eve from replaying the same network packet for illegal access.
If you don’t like the idea of password-based Challenge-Response protocol, we have another protocol that avoids the use of password. It is called a Key-based Challenge-Response Protocol.
UAP3: Key-Based Challenge-Response Protocol [PT]: ‘I want to log on and I am Alice101’ Server Alice Challenge: E[Nonce]KpubA KprivA D Response: Message||Nonce
Key-Based Challenge-Response Protocol In this scenario, the protocol avoids using a password to authenticate auser. First, Alice sends a message to the server saying that she wants to log on to it. The server will then issue a Nonce, encrypted using Alice’ public key KpubA, and send the encrypted Nonce to Alice. Upon receiving, Alice decrypts the ciphertext using her private key, KprivA and obtain the Nonce. Alice sends back the message appended with a Nonce to the server. With this, the server knows that the person who it sends the Nonce to is Alice, because only Alice can decrypt the Nonce and return it back to the server. This is what we call as, a challenge-response protocol, as a way to authenticate a user.
DATA & COMPUTER SECURITY (CSNB414) MODULE 5 --END--